tobyzerner opened 8 years ago
After running into this issue today: flarum/framework#985
I'm permanently disabling the Nginx cache in favor of Varnish for the API.
Looking at the API docs, it appears the best approach is to start by issuing an HTTP PURGE request for every unsafe API call.
So for example:
POST /api/discussions - create a new discussion
PATCH /api/discussions/:id - update a discussion
DELETE /api/discussions/:id - delete a discussion
These would need to generate an HTTP PURGE upstream to Varnish. This would be filtered through the VCL and would expire the cached response for GET /api/discussions/:id (get a discussion by ID).
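A minimal sketch of the Varnish side of this, assuming Varnish 4+ VCL; the ACL address is an assumption, not anything from Flarum's actual setup:

```vcl
# Accept PURGE requests, but only from the web-app host (assumed here
# to be localhost). Each unsafe API call would fire
#   PURGE /api/discussions/:id
# after a successful write, knocking out the cached GET for that URL.
acl purgers {
    "127.0.0.1";
}

sub vcl_recv {
    if (req.method == "PURGE") {
        if (!client.ip ~ purgers) {
            return (synth(405, "Purging not allowed"));
        }
        # Invalidate the cached object for exactly this URL.
        return (purge);
    }
}
```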
@franzliedke mentioned doing away with the PURGE request altogether by creating a rule that purges the corresponding GET every time an unsafe request is made by a user. Could this work? I think so, but what about the cases where a request passes through Varnish and expires some cache, yet the request then fails at the web app? That would at least be an inefficiency, though it wouldn't be likely to occur often. Could this lack of validation from the web app cause any other issues?
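A rough sketch of such a rule, again assuming Varnish 4+ VCL. Note that the invalidation happens before the backend ever responds, which is exactly the unvalidated-expiry case just described:

```vcl
# Whenever an unsafe method passes through, drop the cached GET
# response for the same URL before forwarding the write. The ban is
# issued whether or not the backend request ultimately succeeds.
sub vcl_recv {
    if (req.method == "POST" || req.method == "PATCH" ||
        req.method == "DELETE") {
        ban("req.url == " + req.url);
        return (pass);
    }
}
```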
This is a starting point, but what to do with objects that are shared outside this request? The next step appears to be utilizing the BAN function, though to be entirely honest I'm not sure exactly how this would work. See here for suggestions. The gist is that there are at least a couple of ways to let Varnish know which objects in a response are shared, and on which other pages; that information is then fed back into a regex BAN rule.
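One common shape for this is surrogate-key style tagging (the header names below are assumptions, not anything Flarum currently sends): the backend lists the shared objects contained in each response in a header, and a BAN request with a regex invalidates every cached page carrying a matching tag:

```vcl
# The app tags each response it serves, e.g.
#   X-Cache-Tags: discussion-123 user-45
# The tag header is stored with the cached object, so a ban expression
# matching obj.http.X-Cache-Tags can knock out every page that shares
# the object, not just one URL.
sub vcl_recv {
    if (req.method == "BAN") {
        if (!req.http.X-Ban-Tag) {
            return (synth(400, "Missing X-Ban-Tag header"));
        }
        ban("obj.http.X-Cache-Tags ~ " + req.http.X-Ban-Tag);
        return (synth(200, "Banned"));
    }
}
```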
Going this route is more complicated than Nginx, but it's more precise, and it's the safe way to cache dynamic content when the full page contains a mix of public and private data.
@webeindustry was this issue created to support caching on the hosting services?
It would be great if this were implemented in a cache-agnostic way, i.e. don't depend on custom VCL in Varnish, but use proper PURGE requests to update the cache(s) where needed, and make sure a 304 can be sent really quickly.
Caching in Flarum is very difficult, if not impossible, to implement because of the way the API data is structured: each API response includes user-specific data about permissions, etc. We tried and failed.
Even for guests? Guest visits are easiest to cache and also the most effective.
Yes, even for guests. Have at it. It's a time waster as it's currently coded.
@dav-is @webeindustry what are the specific problems that prevent guest caching from being feasible?
Sorry, I've been out of town, and it seems my memory is off on this one; it was a while ago now. @dav-is told me we didn't really have an issue with the guest cache, but we got so bummed that logged-in sessions were a failure that we scrapped the whole idea until a better solution was implemented.
The issue being that permissions and read status are sent with every logged-in API request.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. In any case, thanks for taking an interest in this software and contributing by opening the issue in the first place!
> The issue being that permissions and read status are sent with every logged-in API request.

This shouldn't be a problem for requests from guests, though?
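For the guest-only case, a sketch of the VCL gate might look like this (the session cookie name is an assumption):

```vcl
# Only anonymous requests are served from cache; anything that looks
# authenticated is passed straight to the backend, since permissions
# and read status vary per user.
sub vcl_recv {
    if (req.http.Authorization || req.http.Cookie ~ "flarum_session") {
        return (pass);
    }
    # Normalize guests so they all share one cache entry per URL.
    unset req.http.Cookie;
}
```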
I think this issue should be split into several parts:

- Serving guest responses with `Cache-Control: public`
- Supporting conditional GETs (ETag / Last-Modified)

See: http://whitequark.org/blog/2014/04/05/page-caching-with-nginx/ and http://apidock.com/rails/ActionController/ConditionalGet/stale%3F
Trying to think of the best way to do this... I guess on `Api\AbstractSerializeController` we can have some kind of method that returns an ETag / last-modified timestamp, which the `handle` method checks in order to return the appropriate response. Then our subclass controllers can override that method to provide the appropriate data.
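A language-neutral sketch of that check (Flarum itself is PHP; Python is used here purely for illustration, and the function names are made up):

```python
import hashlib


def compute_etag(payload: bytes) -> str:
    # Default: hash the serialized body. A subclass controller would
    # override this to derive the tag from cheap data instead, e.g.
    # the resource's last-modified timestamp.
    return '"' + hashlib.sha1(payload).hexdigest() + '"'


def handle(request_headers: dict, payload: bytes) -> tuple:
    """Return (304, empty body) when the client's ETag still matches,
    otherwise (200, full payload)."""
    etag = compute_etag(payload)
    if request_headers.get("If-None-Match") == etag:
        return 304, b""
    return 200, payload
```

The point is that the expensive serialization can be skipped entirely on a match, so the 304 path stays fast.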